diff --git a/BLOB_CSI_VERSION b/BLOB_CSI_VERSION new file mode 100644 index 000000000..4250ea042 --- /dev/null +++ b/BLOB_CSI_VERSION @@ -0,0 +1 @@ +BLOB_CSI_VERSION=v4.3.0 diff --git a/pipelines/OneBranch.Official.yml b/pipelines/OneBranch.Official.yml new file mode 100644 index 000000000..f16171e9f --- /dev/null +++ b/pipelines/OneBranch.Official.yml @@ -0,0 +1,218 @@ +################################################################################# +# OneBranch Pipelines # +################################################################################# +# This pipeline is intended to be the Official OneBranch pipeline for pushing # +# new versions of our blob csi driver. # +# . # +# For now, it is used as a Buddy Build until we can get it working officially. # +################################################################################# + +trigger: none + +resources: + repositories: + - repository: templates + type: git + name: OneBranch.Pipelines/GovernedTemplates + ref: refs/heads/main + - repository: Hydra + clean: true + type: git + name: One/Hydra + ref: echairez/cross-repo-pipelines + +variables: + - template: pipelines/templates/OneBranch.repo.variables.yml@Hydra + parameters: + buildType: buddy + - template: pipelines/templates/shared_variables.yml@Hydra + parameters: + location: eastus + # Usually used for build number (but N/A for OneBranch). + pipelineShortName: OneBranch + - name: BlobImageRepo + value: "blob-csi" + +parameters: + - name: acr + displayName: ACR for container image publish + type: string + default: hydraedgecidev + values: + - hydraedge + - hydraedgecidev + - name: architectures + displayName: Architectures to build + type: object + default: + - amd64 + - arm64 + +extends: + template: v2/OneBranch.NonOfficial.CrossPlat.yml@templates # https://aka.ms/obpipelines/templates + parameters: + containers: + - container: linux_build_container + image: $(LinuxContainerImage) + type: Linux + endpoint: "hydraedge-acr-connection" + + globalSdl: # https://aka.ms/obpipelines/sdl + # tsa: + # enabled: true # SDL results of non-official builds aren't uploaded to TSA by default. + # credscan: + # suppressionsFile: $(Build.SourcesDirectory)\.config\CredScanSuppressions.json + policheck: + break: true # always break the build on policheck issues. You can disable it by setting to 'false' + # suppression: + # suppressionFile: $(Build.SourcesDirectory)\.gdn\global.gdnsuppress + stages: + - stage: setup + jobs: + - job: Setup + timeoutInMinutes: 30 + displayName: Setup + pool: + type: linux + variables: + ob_outputDirectory: "$(Build.ArtifactStagingDirectory)/out" + steps: + - checkout: Hydra + - template: pipelines/templates/job_start.yml@Hydra + parameters: + logInAgentUami: false + uploadAdx: false + installVenv: false + installReportGenerator: false + + - task: onebranch.pipeline.version@1 + displayName: "Setup BuildNumber" + inputs: + system: "RevisionCounter" + major: "1" + minor: "0" + exclude_commit: true + + - bash: | + pushd Hydra + scripts/setup_pipeline_variables.sh $(Build.BuildId) + popd + displayName: Setup environment + name: setupStep + + - stage: build + dependsOn: + - setup + variables: + TOOLCHAIN_IMAGE: $[ stageDependencies.setup.Setup.outputs['setupStep.TOOLCHAIN_IMAGE'] ] + pipelineBuildTag: $[ stageDependencies.setup.Setup.outputs['setupStep.VERSION_TAG'] ] + jobs: + - ${{ each arch in parameters.architectures }}: + - job: build_csi_container_${{ arch }} + timeoutInMinutes: 60 + displayName: Build ${{ arch }} BlobCSIImage + pool: + type: docker + os: linux + hostArchitecture: ${{ arch }} + variables: + ob_git_checkout: true + steps: + - template: pipelines/templates/job_start.yml@Hydra + parameters: + logInAgentUami: false + uploadAdx: false + installVenv: false + installReportGenerator: false + + # We always sign in to hydraedge since it holds our runtime/toolchain + # images, in addition to the ACR that we'll actually put the built + # images in. + - template: pipelines/templates/acr_login.yml@Hydra + parameters: + acr: hydraedge + onebranch: true + + - template: pipelines/templates/acr_login.yml@Hydra + parameters: + acr: ${{ parameters.acr }} + onebranch: true + + - task: onebranch.pipeline.imagebuildinfo@1@2 + displayName: Build blob csi ${{ arch }} image + inputs: + dockerFileContextPath: . + dockerFileRelPath: pkg/blobplugin/Dockerfile.mariner + repositoryName: $(BlobImageRepo) + registry: "${{ parameters.acr }}.azurecr.io" + saveImageToPath: "$(BlobImageRepo)-${{ arch }}.tar" + enable_network: true # We may not want to do this... but current files require it + enable_acr_push: true + buildkit: 1 # turn on for optimizations like caching, parallelization, new dockerfile options + enable_cache: true # take advantage of multi-stage caching + endpoint: "${{ parameters.acr }}-acr-connection" + arguments: --build-arg ARCH=${{ arch }} --build-arg BUILD_IMAGE=$(TOOLCHAIN_IMAGE) + build_tag: "$(pipelineBuildTag)-${{ arch }}" + + - stage: publish + dependsOn: + - setup + - build + variables: + pipelineBuildTag: $[ stageDependencies.setup.Setup.outputs['setupStep.VERSION_TAG'] ] + jobs: + - job: PublishArtifacts + timeoutInMinutes: 30 + displayName: Publish artifacts + pool: + type: linux + isCustom: true + name: $(AGENT_POOL) + variables: + ob_outputDirectory: "$(Build.SourcesDirectory)/out" + HYDRA_REPO_PREFIX: "artifact/$(ServiceTreeId)/$(ONEBRANCH_BUILD_TYPE)/" + isOfficial: $[eq(variables['ONEBRANCH_BUILD_TYPE'], 'official')] + isStaging: $[eq(variables['Build.SourceBranch'], 'refs/heads/staging')] + steps: + - checkout: Hydra + - template: pipelines/templates/job_start.yml@Hydra + parameters: + logInAgentUami: false + uploadAdx: false + installVenv: false + installReportGenerator: false + + - template: pipelines/templates/acr_login.yml@Hydra + parameters: + acr: ${{ parameters.acr }} + onebranch: true + + - template: pipelines/templates/make_images_multiarch.yml@Hydra + parameters: + hydraRepoPrefix: "$(HYDRA_REPO_PREFIX)" + acr: "${{ parameters.acr }}" + architectures: ${{ parameters.architectures }} + images: + - $(BlobImageRepo) + + - ${{ if and( variables.isOfficial, variables.isStaging) }}: + - bash: | + source BLOB_CSI_VERSION + + echo "##vso[task.setvariable variable=BLOB_CSI_VERSION]${BLOB_CSI_VERSION}" + echo "##vso[task.setvariable variable=BLOB_CSI_VERSION;isOutput=true]${BLOB_CSI_VERSION}" + + if ! az acr repository show -n "${{ parameters.acr }}" --image "$(HYDRA_REPO_PREFIX)$(BlobImageRepo):$(BLOB_CSI_VERSION)" &>2 ; then + echo "##vso[task.setvariable variable=pushLatest]true" + fi + displayName: Check if version tag exists already + + - ${{ if and( variables.isOfficial, variables.isStaging, eq(variables['pushLatest'], 'true')) }}: + - template: pipelines/templates/make_images_latest.yml@Hydra + parameters: + hydraRepoPrefix: "$(HYDRA_REPO_PREFIX)" + acr: "${{ parameters.acr }}" + dstBuildTag: "$(BLOB_CSI_VERSION)" + srcBuildTag: "$(pipelineBuildTag)" + images: + - $(BlobImageRepo)